New Mirai botnet infect TBK DVR devices via command injection flaw
A new variant of the Mirai malware botnet is exploiting a command injection vulnerability in TBK DVR-4104 and DVR-4216 digital video recording devices to hijack them.
Bill Toulas | bleepingcomputer.com • Jun 8, 2025
💡 t.me/zerotrusthackers
A new variant of the Mirai malware botnet is exploiting a command injection vulnerability in TBK DVR-4104 and DVR-4216 digital video recording devices to hijack them.
Bill Toulas | bleepingcomputer.com • Jun 8, 2025
💡 t.me/zerotrusthackers
OpenAI Bans ChatGPT Accounts Used by Russian, Iranian and Chinese Hacker Groups
OpenAI banned ChatGPT accounts tied to Russian, Chinese, and Iranian hackers using AI for malware and influence campaigns.
The Hacker News | thehackernews.com • Jun 9, 2025
💡 t.me/zerotrusthackers
OpenAI banned ChatGPT accounts tied to Russian, Chinese, and Iranian hackers using AI for malware and influence campaigns.
The Hacker News | thehackernews.com • Jun 9, 2025
💡 t.me/zerotrusthackers
9th June | 🥷Bug Bounty Write-Ups
Multiple CVEs in Infoblox NetMRI: RCE, Auth Bypass, SQLi, and File Read Vulnerabilities
https://rhinosecuritylabs.com/research/infoblox-multiple-cves/
Cyber Security Updates Here: Daily Posts at Your Comfort
https://t.me/zerotrusthackers
Poison everywhere: No output from your MCP server is safe
https://www.cyberark.com/resources/threat-research-blog/poison-everywhere-no-output-from-your-mcp-server-is-safe
Roundcube ≤ 1.6.10 Post-Auth RCE via PHP Object Deserialization [CVE-2025-49113]
https://fearsoff.org/research/roundcube
The Ultimate Guide to JWT Vulnerabilities and Attacks (with Exploitation Examples)
https://pentesterlab.com/blog/jwt-vulnerabilities-attacks-guide
Weaponizing Dependabot: Pwn Request at its finest
https://boostsecurity.io/blog/weaponizing-dependabot-pwn-request-at-its-finest
Cobalt Pentester Spotlight - Egidio Romano
https://www.cobalt.io/blog/cobalt-pentester-spotlight-egidio-romano
arete | Fuzzing WebSockets for Server-Side Vulnerabilities
https://arete06.com/posts/fuzzing-ws/
Daily Cyber Security Updates Here:
https://t.me/zerotrusthackers
WhatsApp Channel:
https://whatsapp.com/channel/0029VaxVv551iUxRku094918
Multiple CVEs in Infoblox NetMRI: RCE, Auth Bypass, SQLi, and File Read Vulnerabilities
https://rhinosecuritylabs.com/research/infoblox-multiple-cves/
Cyber Security Updates Here: Daily Posts at Your Comfort
https://t.me/zerotrusthackers
Poison everywhere: No output from your MCP server is safe
https://www.cyberark.com/resources/threat-research-blog/poison-everywhere-no-output-from-your-mcp-server-is-safe
Roundcube ≤ 1.6.10 Post-Auth RCE via PHP Object Deserialization [CVE-2025-49113]
https://fearsoff.org/research/roundcube
The Ultimate Guide to JWT Vulnerabilities and Attacks (with Exploitation Examples)
https://pentesterlab.com/blog/jwt-vulnerabilities-attacks-guide
Weaponizing Dependabot: Pwn Request at its finest
https://boostsecurity.io/blog/weaponizing-dependabot-pwn-request-at-its-finest
Cobalt Pentester Spotlight - Egidio Romano
https://www.cobalt.io/blog/cobalt-pentester-spotlight-egidio-romano
arete | Fuzzing WebSockets for Server-Side Vulnerabilities
https://arete06.com/posts/fuzzing-ws/
Daily Cyber Security Updates Here:
https://t.me/zerotrusthackers
WhatsApp Channel:
https://whatsapp.com/channel/0029VaxVv551iUxRku094918
32 Advance Search Engine For Hacker
1. www.shodan.io/ (IoT device search engine)
2. censys.io/ (Internet asset discovery platform)
3. www.zoomeye.org/ (Cyberspace search engine for devices)
4. www.greynoise.io/ (Internet noise and threat intelligence)
5. www.onyphe.io/ (Cyber defense search engine)
6. www.binaryedge.io/ (Threat intelligence data platform)
7. www.fofa.info/ (Cyberspace asset mapping engine)
8. leakix.net/ (Information leaks search engine)
9. www.criminalip.io/ (Asset inventory and risk assessment)
10. www.netlas.io/ (Attack surface discovery platform)
11. www.dehashed.com/ (Leaked credentials search engine)
12. securitytrails.com/ (DNS and domain data platform)
13. www.dorksearch.com/ (Google dorking search tool)
14. www.exploit-db.com/ (Exploit and vulnerability archive)
15. pulsedive.com/ (Threat intelligence search engine)
16. grayhatwarfare.com/ (Public S3 buckets search engine)
17. polyswarm.io/ (Threat detection marketplace)
18. urlscan.io/ (Website and URL scanning service)
19. vulners.com/ (Vulnerability database and search engine)
20. archive.org/web/ (Historical web page archive)
21. crt.sh/ (Certificate transparency search engine)
22. wigle.net/ (Wireless network mapping platform)
23. publicwww.com/ (Source code search engine)
24. hunter.io/ (Email address finder tool)
25. intelx.io/ (OSINT and data breach search)
26. grep.app/ (Code search engine for GitHub)
27. www.packetstomsecurity.com/ (Security tools and resources)
28. searchcode.com/ (Source code and API search engine)
29. www.dnsdb.info/ (Historical DNS data search)
30. fullhunt.io/ (Attack surface discovery platform)
31. www.virustotal.com/ (Malware analysis and file scanning)
32. dnsdumpster.com/ (DNS recon and research tool)
Top Hackers Tools👇
https://t.me/zerotrusthackers/47
Cyber Security & Ethical Hacking Courses👇
https://t.me/zerotrusthackers/41
More Resources Here
https://whatsapp.com/channel/0029VaxVv551iUxRku094918
➡️ Give 100+ Reactions for More Such Content 🤟
1. www.shodan.io/ (IoT device search engine)
2. censys.io/ (Internet asset discovery platform)
3. www.zoomeye.org/ (Cyberspace search engine for devices)
4. www.greynoise.io/ (Internet noise and threat intelligence)
5. www.onyphe.io/ (Cyber defense search engine)
6. www.binaryedge.io/ (Threat intelligence data platform)
7. www.fofa.info/ (Cyberspace asset mapping engine)
8. leakix.net/ (Information leaks search engine)
9. www.criminalip.io/ (Asset inventory and risk assessment)
10. www.netlas.io/ (Attack surface discovery platform)
11. www.dehashed.com/ (Leaked credentials search engine)
12. securitytrails.com/ (DNS and domain data platform)
13. www.dorksearch.com/ (Google dorking search tool)
14. www.exploit-db.com/ (Exploit and vulnerability archive)
15. pulsedive.com/ (Threat intelligence search engine)
16. grayhatwarfare.com/ (Public S3 buckets search engine)
17. polyswarm.io/ (Threat detection marketplace)
18. urlscan.io/ (Website and URL scanning service)
19. vulners.com/ (Vulnerability database and search engine)
20. archive.org/web/ (Historical web page archive)
21. crt.sh/ (Certificate transparency search engine)
22. wigle.net/ (Wireless network mapping platform)
23. publicwww.com/ (Source code search engine)
24. hunter.io/ (Email address finder tool)
25. intelx.io/ (OSINT and data breach search)
26. grep.app/ (Code search engine for GitHub)
27. www.packetstomsecurity.com/ (Security tools and resources)
28. searchcode.com/ (Source code and API search engine)
29. www.dnsdb.info/ (Historical DNS data search)
30. fullhunt.io/ (Attack surface discovery platform)
31. www.virustotal.com/ (Malware analysis and file scanning)
32. dnsdumpster.com/ (DNS recon and research tool)
Top Hackers Tools👇
https://t.me/zerotrusthackers/47
Cyber Security & Ethical Hacking Courses👇
https://t.me/zerotrusthackers/41
More Resources Here
https://whatsapp.com/channel/0029VaxVv551iUxRku094918
➡️ Give 100+ Reactions for More Such Content 🤟
👍1
🚀𝐁𝐨𝐨𝐬𝐭 𝐘𝐨𝐮𝐫 𝐂𝐚𝐫𝐞𝐞𝐫 𝐰𝐢𝐭𝐡 𝐌𝐢𝐜𝐫𝐨𝐬𝐨𝐟𝐭’𝐬 𝐅𝐫𝐞𝐞 𝐂𝐨𝐮𝐫𝐬𝐞𝐬!
💡 Learn directly from industry leaders at Microsoft and LinkedIn Learning and gain in-demand skills to elevate your career—all without spending a dime!
𝐋𝐢𝐧𝐤👇:-
https://tinyurl.com/nheyanxr
📈 Don’t miss this chance to build your skills, earn certifications, and get job-ready—all for free. Your journey in data analytics begins now!
🔗 Start Learning Today!
💡 Learn directly from industry leaders at Microsoft and LinkedIn Learning and gain in-demand skills to elevate your career—all without spending a dime!
𝐋𝐢𝐧𝐤👇:-
https://tinyurl.com/nheyanxr
📈 Don’t miss this chance to build your skills, earn certifications, and get job-ready—all for free. Your journey in data analytics begins now!
🔗 Start Learning Today!
New Secure Boot flaw lets attackers install bootkit malware, patch now
Security researchers have disclosed a new Secure Boot bypass tracked as CVE-2025-3052 that can be used to turn off security on PCs and servers and install bootkit malware.
Lawrence Abrams | bleepingcomputer.com • Jun 10, 2025
💡 t.me/zerotrusthackers
Security researchers have disclosed a new Secure Boot bypass tracked as CVE-2025-3052 that can be used to turn off security on PCs and servers and install bootkit malware.
Lawrence Abrams | bleepingcomputer.com • Jun 10, 2025
💡 t.me/zerotrusthackers
Forwarded from Free Courses: Google | Microsoft | Udemy | Coursera | IBM | NVIDIA | LinkedIn Learning | MIT | Udemy Coupons & PDF Books
8 Free AI Courses by Google
🚀 Google is offering 8 amazing AI courses—perfect for beginners and pros! Whether you're curious about machine learning or want to sharpen your AI skills, these courses are a golden opportunity.
💡 No cost, no catch—just pure knowledge from one of the biggest names in tech.
𝐋𝐢𝐧𝐤👇
https://techurl.in/iOhWh
✅ Don’t miss out on this chance to boost your career or explore a new field
🚀 Google is offering 8 amazing AI courses—perfect for beginners and pros! Whether you're curious about machine learning or want to sharpen your AI skills, these courses are a golden opportunity.
💡 No cost, no catch—just pure knowledge from one of the biggest names in tech.
𝐋𝐢𝐧𝐤👇
https://techurl.in/iOhWh
✅ Don’t miss out on this chance to boost your career or explore a new field
❤1
U.S. Agencies Warn of Rising Iranian Cyberattacks on Defense, OT Networks, and Critical Infrastructure
U.S. issues warning on potential Iranian cyber-attacks, urging stronger protections for critical infrastructure and defense sectors.
The Hacker News | thehackernews.com • Jun 30, 2025
💡 t.me/zerotrusthackers
U.S. issues warning on potential Iranian cyber-attacks, urging stronger protections for critical infrastructure and defense sectors.
The Hacker News | thehackernews.com • Jun 30, 2025
💡 t.me/zerotrusthackers
Germany asks Google, Apple remove DeepSeek AI from app stores
The Berlin Commissioner for Data Protection has formally requested Google and Apple to remove the DeepSeek AI application from the application stores due to GDPR violations.
Bill Toulas | bleepingcomputer.com • Jun 30, 2025
💡 t.me/zerotrusthackers
The Berlin Commissioner for Data Protection has formally requested Google and Apple to remove the DeepSeek AI application from the application stores due to GDPR violations.
Bill Toulas | bleepingcomputer.com • Jun 30, 2025
💡 t.me/zerotrusthackers
30th June | 🥷Bug Bounty Write-Ups
Demystifying MCP (Model Context Protocol): 3 Common Mis
https://www.pynt.io/blog/api-era/demystifying-mcp-model-context-protocol-3-common-misconceptions
Cyber Security Updates Here: Daily Posts at Your Comfort
https://t.me/zerotrusthackers
Make Self-XSS Great Again
https://blog.slonser.info/posts/make-self-xss-great-again/
Human-Centric Hosting in the Age of AI: Q&A with Zach Aufort of BigScoots
https://patchstack.com/articles/human-centric-hosting-in-the-age-of-ai-with-zach-aufort-of-bigscoots/
Double Dash, Double Trouble: A Subtle SQL Injection Flaw
https://www.sonarsource.com/blog/double-dash-double-trouble-a-subtle-sql-injection-flaw/
Is your AI safe? Threat analysis of MCP (Model Context Protocol)
https://www.cyberark.com/resources/threat-research-blog/is-your-ai-safe-threat-analysis-of-mcp-model-context-protocol
Marketplace Takeover: How We Could’ve Taken Over Every Developer Using a VSCode Fork
https://blog.koi.security/marketplace-takeover-how-we-couldve-taken-over-every-developer-using-a-vscode-fork-f0f8cf104d44
Novel SSRF Technique Involving HTTP Redirect Loops › Searchlight Cyber
https://slcyber.io/assetnote-security-research-center/novel-ssrf-technique-involving-http-redirect-loops/
Daily Cyber Security Updates Here:
https://t.me/zerotrusthackers
WhatsApp Channel:
https://whatsapp.com/channel/0029VaxVv551iUxRku094918
Demystifying MCP (Model Context Protocol): 3 Common Mis
https://www.pynt.io/blog/api-era/demystifying-mcp-model-context-protocol-3-common-misconceptions
Cyber Security Updates Here: Daily Posts at Your Comfort
https://t.me/zerotrusthackers
Make Self-XSS Great Again
https://blog.slonser.info/posts/make-self-xss-great-again/
Human-Centric Hosting in the Age of AI: Q&A with Zach Aufort of BigScoots
https://patchstack.com/articles/human-centric-hosting-in-the-age-of-ai-with-zach-aufort-of-bigscoots/
Double Dash, Double Trouble: A Subtle SQL Injection Flaw
https://www.sonarsource.com/blog/double-dash-double-trouble-a-subtle-sql-injection-flaw/
Is your AI safe? Threat analysis of MCP (Model Context Protocol)
https://www.cyberark.com/resources/threat-research-blog/is-your-ai-safe-threat-analysis-of-mcp-model-context-protocol
Marketplace Takeover: How We Could’ve Taken Over Every Developer Using a VSCode Fork
https://blog.koi.security/marketplace-takeover-how-we-couldve-taken-over-every-developer-using-a-vscode-fork-f0f8cf104d44
Novel SSRF Technique Involving HTTP Redirect Loops › Searchlight Cyber
https://slcyber.io/assetnote-security-research-center/novel-ssrf-technique-involving-http-redirect-loops/
Daily Cyber Security Updates Here:
https://t.me/zerotrusthackers
WhatsApp Channel:
https://whatsapp.com/channel/0029VaxVv551iUxRku094918
❤2
🚨 83% of attacks now involve stolen credentials—and machines outnumber humans 50 to 1.
The real threat? Leaked API keys & orphaned tokens silently granting access across your stack.
GitGuardian just launched a smarter way to track every secret & secure your non-human identities.
🛡 t.me/zerotrusthackers
The real threat? Leaked API keys & orphaned tokens silently granting access across your stack.
GitGuardian just launched a smarter way to track every secret & secure your non-human identities.
🛡 t.me/zerotrusthackers
🚨 Microsoft is killing password support in its Authenticator app by August 2025.
Autofill dies in July.
Saved logins? Only accessible in Edge—if it’s your default autofill.
Don’t export in time? You lose them.
🛡 t.me/zerotrusthackers
Autofill dies in July.
Saved logins? Only accessible in Edge—if it’s your default autofill.
Don’t export in time? You lose them.
🛡 t.me/zerotrusthackers
🚨 A new Chrome zero-day is already being exploited in the wild.
Discovered by Google TAG on June 25, CVE-2025-6554 lets attackers run malicious code via a crafted web page.
It targets Chrome’s V8 engine—again.
🛡 t.me/zerotrusthackers
Discovered by Google TAG on June 25, CVE-2025-6554 lets attackers run malicious code via a crafted web page.
It targets Chrome’s V8 engine—again.
🛡 t.me/zerotrusthackers
🚨 85% of work now happens in the browser—yet most orgs still can’t see what’s pasted into ChatGPT.
A new guide exposes how GenAI, BYOD, and rogue extensions turned the browser into the #1 blind spot in enterprise security.
🛡 t.me/zerotrusthackers
A new guide exposes how GenAI, BYOD, and rogue extensions turned the browser into the #1 blind spot in enterprise security.
🛡 t.me/zerotrusthackers
Critical Cisco Vulnerability in Unified CM Grants Root Access via Static Credentials
CVE-2025-20309 in Cisco Unified CM could grant root access, allowing arbitrary command execution.
The Hacker News | thehackernews.com • Jul 3, 2025
🛡 t.me/zerotrusthackers
CVE-2025-20309 in Cisco Unified CM could grant root access, allowing arbitrary command execution.
The Hacker News | thehackernews.com • Jul 3, 2025
🛡 t.me/zerotrusthackers
30th June | 🥷Bug Bounty Write-Ups
Demystifying MCP (Model Context Protocol): 3 Common Mis
https://www.pynt.io/blog/api-era/demystifying-mcp-model-context-protocol-3-common-misconceptions
Cyber Security Updates Here: Daily Posts at Your Comfort
https://t.me/zerotrusthackers
How I Chained Directory Traversal and CSV Parser Abuse for RCE in a Django App
https://jineeshak.github.io/posts/Chaining-Directory-Traversal-and-CSV-Parser-Abuse-for-RCE-in-Django/
How we got persistent XSS on every AEM cloud site, thrice
https://slcyber.io/assetnote-security-research-center/how-we-got-persistent-xss-on-every-aem-cloud-site-thrice/
Guest Post: How I Scanned all of GitHub’s “Oops Commits” for Leaked Secrets ◆ Truffle Security Co.
https://trufflesecurity.com/blog/guest-post-how-i-scanned-all-of-github-s-oops-commits-for-leaked-secrets
Critical RCE in Anthropic MCP Inspector (CVE-2025-49596) Enables Browser-Based Exploits | Oligo Security
https://www.oligo.security/blog/critical-rce-vulnerability-in-anthropic-mcp-inspector-cve-2025-49596
Azure's Role Roulette: How Over-Privileged Roles and API Vulnerabilities Expose Enterprise Networks
https://www.token.security/blog/azures-role-roulette-how-over-privileged-roles-and-api-vulnerabilities-expose-enterprise-networks
GitPhish: Automating Enterprise GitHub Device Code Phishing
https://www.praetorian.com/blog/gitphish-automating-enterprise-github-device-code-phishing/
Daily Cyber Security Updates Here:
https://t.me/zerotrusthackers
WhatsApp Channel:
https://whatsapp.com/channel/0029VaxVv551iUxRku094918
Demystifying MCP (Model Context Protocol): 3 Common Mis
https://www.pynt.io/blog/api-era/demystifying-mcp-model-context-protocol-3-common-misconceptions
Cyber Security Updates Here: Daily Posts at Your Comfort
https://t.me/zerotrusthackers
How I Chained Directory Traversal and CSV Parser Abuse for RCE in a Django App
https://jineeshak.github.io/posts/Chaining-Directory-Traversal-and-CSV-Parser-Abuse-for-RCE-in-Django/
How we got persistent XSS on every AEM cloud site, thrice
https://slcyber.io/assetnote-security-research-center/how-we-got-persistent-xss-on-every-aem-cloud-site-thrice/
Guest Post: How I Scanned all of GitHub’s “Oops Commits” for Leaked Secrets ◆ Truffle Security Co.
https://trufflesecurity.com/blog/guest-post-how-i-scanned-all-of-github-s-oops-commits-for-leaked-secrets
Critical RCE in Anthropic MCP Inspector (CVE-2025-49596) Enables Browser-Based Exploits | Oligo Security
https://www.oligo.security/blog/critical-rce-vulnerability-in-anthropic-mcp-inspector-cve-2025-49596
Azure's Role Roulette: How Over-Privileged Roles and API Vulnerabilities Expose Enterprise Networks
https://www.token.security/blog/azures-role-roulette-how-over-privileged-roles-and-api-vulnerabilities-expose-enterprise-networks
GitPhish: Automating Enterprise GitHub Device Code Phishing
https://www.praetorian.com/blog/gitphish-automating-enterprise-github-device-code-phishing/
Daily Cyber Security Updates Here:
https://t.me/zerotrusthackers
WhatsApp Channel:
https://whatsapp.com/channel/0029VaxVv551iUxRku094918
❤2